- 15 April 2019 00:01
Convergence of Devices, IoT Creating New Opportunities for Cybercriminals
Sydney, AUSTRALIA - 15th April
Phil Quade, Chief Information Security Officer, Fortinet
“The age of ‘Cy-Phy’—the convergence of cybersecurity things and physical spaces—is here. Although the appeal of this convergence to our digital economy is almost psy-fi in terms of imagination, unfortunately the cybersecurity risks are very real. Cybercriminals are closely watching and developing exploits that target this emerging digital convergence. Fundamental elements of cybersecurity, including visibility, automation, and agile segmentation, are more critical than ever to enable us to thrive in our Cy-Phy digital future, and to protect us against the malicious activities of our cyber adversaries.”
Jon McGettigan, Regional Director, ANZ, Fortinet
“Exploits are now at an all-time high, but we’re seeing them also become more complex and hard to detect. With the increased focus on digital transformation for local businesses, it’s integral to build in security throughout the business, rather than as an afterthought, to properly secure not only your data but essential systems and services that impact your organisation, employees and customers. The way we do business has changed; the new status quo is to be cloud-first and digital, which means security must be a part of this approach from the beginning.”
Jack Chan, Network & Security Strategist, ANZ, Fortinet
“While Oceania may be far from the rest of the world physically, we are not far from cybercriminals. The latest Threat Report findings again highlight that geography does not spare our region from attack, but instead presents unique opportunities for exploits. Certain threats, such as the Gh0st botnet, are significantly more prevalent in Oceania than in other regions, while industries including government, healthcare and education remain more at risk. The basics of security are more essential than ever, all while we must stay aware of new threats and how to protect against them.”
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced the local findings of its latest quarterly Global Threat Landscape Report. The research reveals that cybercriminals are constantly evolving the sophistication of their attacks—from continuing to exploit the vast insecurity of IoT devices, to morphing open source malware tools into new threats and targeting vulnerable industries within Australia. Highlights of the report follow:
• Exploit Index All-time High: According to the Fortinet Threat Landscape Index, cybercriminals remained hard at work even during a holiday season. After a dramatic start, the Exploit Index settled in the latter half of the quarter. While cyber adversary activity overall subsided slightly, the number of exploits per firm grew 10%, while unique exploits detected increased 5%. At the same time, botnets became more complex and harder to detect. Time for infection of botnets increased by 15%, growing to an average of nearly 12 infection days per firm. As cybercriminals employ automation and machine learning to propagate attacks, security organisations need to do the same to combat these advanced methods.
• Industries at Risk: In Australia, the education, government and healthcare sectors remain among the most at risk. Education and healthcare have broad attack surfaces, with an extensive range of devices and evolving technological adoption where security may not always be the number one priority. While government tends to have a more locked-down environment, user education is still important to avoid exploits and manage ‘insider threats’.
• Monitor the Monitoring Devices: The convergence of physical things and cybersecurity is creating an expanded attack surface, one that cybercriminals are increasingly targeting. Half of the top 12 global exploits targeted IoT devices, and four of the top 12 were related to IP-enabled cameras. Access to these devices could enable cybercriminals to snoop on private interactions, enact malicious onsite activities, or gain an entry point into cyber systems to launch DDoS or ransomware attacks. It is important to be aware of hidden attacks even in devices we use to monitor or provide security.
• Tools Open to Anyone: Open source malware tools are very beneficial to the cybersecurity community, enabling teams to test defenses, researchers to analyse exploits, and instructors to use real-life examples. These openware tools are generally available from sharing sites such as GitHub, and as these are available to anyone, adversaries can also access them for nefarious activities. They are evolving and weaponising these malware tools into new threats, with ransomware comprising a significant number of them. An example where openware source code has been weaponised is the Mirai IoT botnet. An explosion of variants and activity continues to be catalogued since its release in 2016. For cybercriminals, innovation continues to be the land of opportunity.
• The Proliferation of Steganography: Developments in steganography are bringing new life into an old attack type. While steganography is typically not used in high-frequency threats, the botnet Vawtrak made the list of “bursty” botnets. This demonstrates increased persistence for this attack type. In addition, during the quarter, malware samples were found to use steganography to conceal malicious payloads in memes passed along on social media. During the attack process, after attempting to contact a C2 host, the malware looks for images in an associated Twitter feed, downloads those images, and looks for hidden commands within the images to propagate activity. This undercover approach demonstrates that adversaries continue to experiment in how they advance their malware while evading detection.
• Adware Infiltration: Adware is not just a nuisance; it has become a pervasive threat. Globally, adware sits at the top of the list of malware infections for most regions—exceeding one-quarter of all infection types for Oceania and North America, and almost one-quarter for Europe. With adware now found to be in published apps and posted on authorized app stores, this attack type can pose a serious threat, especially to unsuspecting mobile device users.
• Keeping an Eye on Operational Technology: With the ongoing convergence of Information Technology (IT) and Operations Technology (OT), a year in review shows the relative change in prevalence and frequency in attacks targeting industrial control systems (ICS). Unfortunately, most attacks gained ground on both scales of volume and prevalence. A cyberattack that successfully targets an OT system could result in devastating physical consequences to such things as critical infrastructure and services, the environment, and even human life.
The Need for Integrated and Automated Security
The threat data in this quarter’s report once again reinforces many of the threat prediction trends unveiled by the FortiGuard Labs global research team. To stay ahead of the ongoing efforts of cybercriminals, organisations need to transform their security strategies as part of their digital transformation efforts. A security fabric is needed to span the entire networked environment from the IoT endpoint to multi-clouds to integrate each security element to address today’s growing threat environment and to protect the expanding attack surface. This approach enables actionable threat intelligence to be shared at speed and scale, shrinks the necessary windows of detection, and provides the automated remediation required for today’s threats.
Report and Index Overview
The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of global sensors during Q4 2018. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape (exploits, malware, and botnets), showing prevalence and volume in a given quarter. The report also examines important zero-day vulnerabilities and infrastructure trends to add context about the trajectory of cyberattacks affecting organisations over time.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 330,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.